Total
29898 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3366 | 1 Cpanel | 1 Cpanel | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3418 | 1 Web-app.org | 1 Webapp | 2026-04-23 | N/A |
| The displaypost function in cgi-bin/cgi-lib/forum_display.pl in web-app.org WebAPP before 0.9.9.7 does not display usernames in conjunction with real names, which makes it easier for remote authenticated users to impersonate other users. | ||||
| CVE-2007-3420 | 1 Web-app.org | 1 Webapp | 2026-04-23 | N/A |
| The Random Cookie Password functionality in the loaduser function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 does not clear the (1) username, (2) password, (3) usertheme, and (4) userlang cookies for unauthorized users, which has unknown impact and remote attack vectors. | ||||
| CVE-2007-3442 | 1 Research In Motion Limited | 1 Blackberry 7270 | 2026-04-23 | N/A |
| Format string vulnerability on the Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 allows remote attackers to cause a denial of service (blocked call reception and calling) via format string specifiers in an SIP INVITE message that lacks a host name in the Contact header. | ||||
| CVE-2007-3512 | 1 Wakwak | 1 Lhaca File Archiver | 2026-04-23 | N/A |
| Stack-based buffer overflow in Lhaca File Archiver before 1.22 allows user-assisted remote attackers to execute arbitrary code via a large LHA "Extended Header Size" value in an LZH archive, a different issue than CVE-2007-3375. | ||||
| CVE-2007-3522 | 1 Sphpell | 1 Sphpell | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in sPHPell 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the SpellIncPath parameter to (1) spellcheckpageinc.php, (2) spellchecktext.php, (3) spellcheckwindow.php, or (4) spellcheckwindowframeset.php. | ||||
| CVE-2007-3496 | 1 Sap | 4 Netweaver Nw04, Netweaver Nw04s, Sap Basis Component 640 and 1 more | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD-JAV) in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Core Components 700 before SP12, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. | ||||
| CVE-2007-3549 | 1 Vastal I-tech | 1 Buddy Zone | 2026-04-23 | N/A |
| SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | ||||
| CVE-2007-3581 | 1 Jedox | 1 Palo | 2026-04-23 | N/A |
| The Jedox Palo 1.5 client transmits the password in cleartext, which might allow remote attackers to obtain the password by sniffing the network, as demonstrated by starting Excel with the Palo plugin, opening a cube, and performing an Insert View. | ||||
| CVE-2007-3590 | 1 B1g | 1 B1gbb | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in visitenkarte.php in b1gBB 2.24.0 allows remote attackers to inject arbitrary web script or HTML via the user parameter. | ||||
| CVE-2007-3608 | 1 Sap | 1 Enjoysap | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to create certain files via unspecified vectors. | ||||
| CVE-2007-3616 | 1 Vtiger | 1 Vtiger Crm | 2026-04-23 | N/A |
| index.php in vtiger CRM before 5.0.3 allows remote authenticated users to perform administrative changes to arbitrary profile settings via a certain profilePrivileges action in the Users module. | ||||
| CVE-2007-3625 | 1 Citrix | 1 Metaframe Presentation Server | 2026-04-23 | N/A |
| The Program Neighborhood Agent in Citrix Presentation Server Clients for 32-bit Windows before 10.100 allows remote attackers to cause a denial of service (agent exit) via a certain request that uses content redirection and a long pathname. | ||||
| CVE-2007-3645 | 1 Freebsd | 1 Libarchive | 2026-04-23 | N/A |
| archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive, which results in a NULL pointer dereference, a different issue than CVE-2007-3644. | ||||
| CVE-2007-3663 | 1 Media Player Classic | 1 Media Player Classic | 2026-04-23 | N/A |
| Divide-by-zero error in Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted MPA file. | ||||
| CVE-2007-3724 | 1 Microsoft | 1 Windows Xp | 2026-04-23 | N/A |
| The process scheduler in the Microsoft Windows XP kernel does not make use of the process statistics kept by the kernel, performs scheduling based on CPU billing gathered from periodic process sampling ticks, and gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges." | ||||
| CVE-2007-3777 | 1 Grisoft | 1 Avg Antivirus | 2026-04-23 | N/A |
| avg7core.sys 7.5.0.444 in Grisoft AVG Anti-Virus 7.5.448 and Free Edition 7.5.446, provides an internal function that copies data to an arbitrary address, which allows local users to gain privileges via arbitrary address arguments to a function provided by the 0x5348E004 IOCTL for the generic DeviceIoControl handler. | ||||
| CVE-2007-3865 | 1 Oracle | 1 E-business Suite | 2026-04-23 | N/A |
| Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 12.0.1 has unknown impact and remote attack vectors, aka APPS01. | ||||
| CVE-2007-3785 | 1 Eldos Corporation | 1 Secureblackbox | 2026-04-23 | N/A |
| Absolute path traversal vulnerability in a certain ActiveX control in PGPBBox.dll in EldoS SecureBlackbox (sbb) 5.1.0.112 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveToFile method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3789 | 1 Inmostore | 1 Inmostore | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/index.php in Inmostore 4.0 allows remote attackers to execute arbitrary SQL commands via the Password field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||